Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make sure that only the owner can call stopVpnProfile()

Browse Source 
In stopVpnProfile(), it doesn't check if the caller's package
name is the same as the given one, so any app has chance to stop
the VPN profile of other apps.

Bug: 191382886
Test: atest FrameworksNetTests CtsNetTestCases \
      CtsHostsideNetworkTests:HostsideVpnTests
Change-Id: Ib0a6e9ed191ff8c8bd55ce9902d894b6a339ace2
Merged-In: I254ffd1c08ec058d594b4ea55cbae5505f8497cc
This commit is contained in:
lucaslin
2021-07-29 13:26:35 +08:00
parent 30c6383d1d
commit f3072fcd46
2 changed files with 44 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tests/net/java/com/android/server/ConnectivityServiceTest.java
View File

@@ -1224,6 +1224,9 @@ public class ConnectivityServiceTest {
Arrays.asList(new UserInfo[] {
new UserInfo(VPN_USER, "", 0),
}));
final int userId = UserHandle.getCallingUserId();
final UserInfo primaryUser = new UserInfo(userId, "", UserInfo.FLAG_PRIMARY);
doReturn(primaryUser).when(mUserManager).getUserInfo(eq(userId));
final ApplicationInfo applicationInfo = new ApplicationInfo();
applicationInfo.targetSdkVersion = Build.VERSION_CODES.Q;
when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any()))
@@ -1368,6 +1371,9 @@ public class ConnectivityServiceTest {
buildPackageInfo(/* SYSTEM */ false, APP2_UID),
buildPackageInfo(/* SYSTEM */ false, VPN_UID)
}));
final int userId = UserHandle.getCallingUserId();
when(mPackageManager.getPackageUidAsUser(TEST_PACKAGE_NAME, userId))
.thenReturn(Process.myUid());
}
private void verifyActiveNetwork(int transport) {
@@ -7068,6 +7074,18 @@ public class ConnectivityServiceTest {
assertContainsExactly(uidCaptor.getValue(), APP1_UID, APP2_UID);
}
@Test
public void testStartVpnProfileFromDiffPackage() throws Exception {
final String notMyVpnPkg = "com.not.my.vpn";
assertThrows(SecurityException.class, () -> mService.startVpnProfile(notMyVpnPkg));
}
@Test
public void testStopVpnProfileFromDiffPackage() throws Exception {
final String notMyVpnPkg = "com.not.my.vpn";
assertThrows(SecurityException.class, () -> mService.stopVpnProfile(notMyVpnPkg));
}
@Test
public void testUidUpdateChangesInterfaceFilteringRule() throws Exception {
LinkProperties lp = new LinkProperties();